CVE-2007-4769

Опубликовано: 09 янв. 2008

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

Ссылки

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28359
Vendor Advisory
http://secunia.com/advisories/28376
Vendor Advisory
http://secunia.com/advisories/28437
Vendor Advisory
http://secunia.com/advisories/28438
Vendor Advisory
http://secunia.com/advisories/28454
Vendor Advisory
http://secunia.com/advisories/28455
Vendor Advisory
http://secunia.com/advisories/28464
Vendor Advisory
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
Vendor Advisory
http://secunia.com/advisories/28679
Vendor Advisory
http://secunia.com/advisories/28698
Vendor Advisory
http://secunia.com/advisories/29638
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://securitytracker.com/id?1019157
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.317:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*

cpe:2.3:a:tcl_tk:tcl_tk:*:*:*:*:*:*:*:*

Версия до 8.4.16 (включая)

EPSS

Процентиль: 77%

0.01079

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-189

Связанные уязвимости

CVE-2007-4769

ubuntu

больше 17 лет назад

CVE-2007-4769

redhat

больше 17 лет назад

CVE-2007-4769

debian

больше 17 лет назад

The regular expression parser in TCL before 8.4.17, as used in Postgre ...

GHSA-66vv-jcch-hx6x

github

около 3 лет назад

ELSA-2008-0038

oracle-oval

больше 17 лет назад

ELSA-2008-0038: Moderate: postgresql security update (MODERATE)

EPSS

Процентиль: 77%

0.01079

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-189